Skip to content


Preventing FileZilla’s quickconnect from saving your passwords

I recently started to see if I could use Portable FileZilla as an emergency FTP client in case something goes wrong on wiki4games or patheticcockroach.com. With this I could notably use the FTP even from work, if needed. But while testing, I found a little issue: the quickbar doesn’t have an option not to save the password. And I’d prefer to use the quickconnect bar because I don’t want save my accounts on the portable version so it’s quite faster than using the Site Manager every time.

I suppose you’re thinking:

  • If I clear the quickconnect bar every time, what’s the problem with it saving the passwords? => Well, what if I forget to clear the quickconnect bar?
  • The quickconnect bar doesn’t save the password if you don’t type it in the bar (source: comment by Denis “If you don’t enter a password in the “Quickconnect” bar, FileZilla will ask for the password when you connect. But in this case, the password won’t be saved […]”), so just don’t type the password in the bar. => Well, what if I accidentally enter it anyway?

As you can see, the risks are low but they do exist: all is set up as if it was conceived just in the purpose of getting you to make a mistake (no confirmation when saving the password, need to clear manually on exit). But fortunately, the FileZilla crew provided us with a solution a while ago: the “Kiosk mode”. Introduced in version 3.1.2-rc1 (2008-08-24), it will prevent FileZilla from writing any passwords to the disk if set to 1. It was updated in version 3.2.3 (2009-03-21) with a new possible value of 2 which prevents FileZilla from writing to any settings files. To configure the Kiosk mode, add <Setting name="Kiosk mode">2</Setting> withing the Settings block in fzdefaults.xml (in FileZilla Portable, this file is located in App/filezilla).
Beware: setting the Kiosk mode to 1 or 2 will not clear existing passwords, it will just prevent FileZilla from saving new passwords. To remove already saved password you need to do this manually (just clear the quickconnect bar).

Sources:

Posted in FileZilla, FTP.


2 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

  1. Lisa says

    Great post – many thanks! Just what I was looking for. I do prefer WinSCP to Filezilla, but WinSCP is soooo slooow! So when I have a large number of files to transfer, I go with Filezilla – but I’m not too keen it’s auto “save password” feature.
    Thanks again!

  2. John says

    Important post – Some days ago a maschine in my agency was infected with a trojan stealing all credentials saved in filezilla. All sites were infected and we had lots of work cleaning them up …



Some HTML is OK

or, reply to this post via trackback.

Sorry about the CAPTCHA that requires JS. If you really don't want to enable JS and still want to comment, you can send me your comment via e-mail and I'll post it for you.

Please solve the CAPTCHA below in order to fight spamWordPress CAPTCHA